GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-04-05 18:01:17
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 ST3750330NS rev.SN06 698,64GB
Running: 1bges0tx.exe; Driver: C:\Users\sere\AppData\Local\Temp\aftcraog.sys

---- Kernel code sections - GMER 2.1 ----
PAGE C:\Windows\system32\drivers\ataport.SYS!DllUnload fffff88000e1c4a0 12 bytes {MOV RAX, 0xfffffa8003d7b2a0; JMP RAX}
.text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff8800ee4cd64 12 bytes {MOV RAX, 0xfffffa8004d032a0; JMP RAX}

---- Kernel IAT/EAT - GMER 2.1 ----
IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff880010dc650] \SystemRoot\System32\Drivers\spyt.sys [unknown section]
IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff880010dc5dc] \SystemRoot\System32\Drivers\spyt.sys [unknown section]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010a735c] \SystemRoot\System32\Drivers\spyt.sys [unknown section]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010a7224] \SystemRoot\System32\Drivers\spyt.sys [unknown section]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010a7a24] \SystemRoot\System32\Drivers\spyt.sys [unknown section]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010a7ba0] \SystemRoot\System32\Drivers\spyt.sys [unknown section]

---- Devices - GMER 2.1 ----
Device \Driver\atapi \Device\Ide\IdePort0 fffffa80049ca2c0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 fffffa80049ca2c0
Device \Driver\atapi \Device\Ide\IdePort1 fffffa80049ca2c0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa80049ca2c0
Device \Driver\a403b24n \Device\Scsi\a403b24n1Port2Path0Target0Lun0 fffffa800579a2c0
Device \Driver\a403b24n \Device\Scsi\a403b24n1 fffffa800579a2c0
Device \FileSystem\Ntfs \Ntfs fffffa80049ce2c0
Device 
\Driver\usbuhci \Device\USBFDO-3 fffffa80057652c0
Device \Driver\usbuhci \Device\USBPDO-1 fffffa80057652c0
Device \Driver\cdrom \Device\CdRom0 fffffa800533a2c0
Device \Driver\cdrom \Device\CdRom1 fffffa800533a2c0
Device \Driver\usbehci \Device\USBFDO-4 fffffa80057692c0
Device \Driver\usbuhci \Device\USBPDO-2 fffffa80057652c0
Device \Driver\usbuhci \Device\USBFDO-0 fffffa80057652c0
Device \Driver\usbuhci \Device\USBPDO-3 fffffa80057652c0
Device \Driver\usbuhci \Device\USBFDO-1 fffffa80057652c0
Device \Driver\volmgr \Device\HarddiskVolume1 fffffa80049c62c0
Device \Driver\volmgr \Device\FtControl fffffa80049c62c0
Device \Driver\volmgr \Device\VolMgrControl fffffa80049c62c0
Device \Driver\volmgr \Device\HarddiskVolume2 fffffa80049c62c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80054722c0
Device \Driver\usbehci \Device\USBPDO-4 fffffa80057692c0
Device \Driver\usbuhci \Device\USBFDO-2 fffffa80057652c0
Device \Driver\atapi \Device\ScsiPort0 fffffa80049ca2c0
Device \Driver\usbuhci \Device\USBPDO-0 fffffa80057652c0
Device \Driver\atapi \Device\ScsiPort1 fffffa80049ca2c0
Device \Driver\a403b24n \Device\ScsiPort2 fffffa800579a2c0

---- Trace I/O - GMER 2.1 ----
Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80049ca2c0]<< spyt.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa80049ca2c0
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c1c130] fffffa8004c1c130
Trace 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa8004b229b0] fffffa8004b229b0
Trace 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0xfffffa8004b29060] fffffa8004b29060
Trace \Driver\atapi[0xfffffa8004ac1cb0] -> IRP_MJ_CREATE -> 0xfffffa80049ca2c0 fffffa80049ca2c0

---- Modules - GMER 2.1 ----
Module \SystemRoot\System32\Drivers\a403b24n.SYS fffff88004000000-fffff88004045000 (282624 bytes)

---- Processes - GMER 2.1 ----
Library C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll (*** 
suspicious ***) @ C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2856](2009-06-27 08:11:12) 0000000060900000 Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73C39AC4-F4BD-4366-8A71-98362F8C0ED7}\offreg.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [2648](2014-12-27 11:44:21) 000007fef23d0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\auth.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-04 17 0000000010000000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\burnlib.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04 0000000001ef0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\dsp_sps.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04 0000000000360000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\enc_aacplus.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292] 0000000001f10000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\enc_flac.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015- 0000000001f20000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\enc_lame.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015- 0000000001f30000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\enc_vorbis.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292] (Nullsoft Ogg Vorbis Encoder/Pawel Porwisz)(2015-04-04 17:32:51) 0000000001f40000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\enc_wav.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04 0000000001f50000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\enc_wma.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04 0000000001f60000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\gen_classicart.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292] (Album 
Art Viewer/Pawel Porwisz)(2015-04-04 17:32:51) 0000000001f70000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\gen_crasher.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292] 0000000001f80000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\gen_ff.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-0 0000000001f90000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\gen_find_on_disk.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292] (Find File On Disk/Pawel Porwisz)(2015-04-04 17:32:51) 0000000001fa0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\gen_hotkeys.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292] 0000000001fb0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\gen_jumpex.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2 0000000001fc0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\gen_ml.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-0 00000000027b0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\gen_nopro.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292] (Lite-n Winamp Preferences/Pawel Porwisz)(2015-04-04 17:32:51) 00000000027c0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\gen_orgler.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2 00000000027d0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\gen_skinmanager.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292] (Skin Manager/Pawel Porwisz)(2015-04-04 17:32:51) 00000000027e0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\gen_timerestore.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292] (Time Restore & Autoplay/Pawel Porwisz)(2015-04-04 17:32:51) 00000000027f0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\gen_tray.lng (*** suspicious ***) @ C:\Program Files 
(x86)\Winamp\winamp.exe [292](2015- 0000000002800000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\gen_undo.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292] (Playlist Undo/Pawel Porwisz)(2015-04-04 17:32:51) 0000000002810000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\in_avi.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-0 0000000002820000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\in_cdda.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04 0000000002830000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\in_dshow.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015- 0000000002840000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\in_flac.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04 0000000002850000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\in_flv.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-0 0000000002860000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\in_linein.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](201 0000000002870000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\in_midi.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04 0000000002880000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\in_mkv.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-0 0000000002890000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\in_mod.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-0 00000000028a0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\in_mp3.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-0 00000000028b0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\in_mp4.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe 
[292](2015-04-0 00000000028c0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\in_nsv.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-0 00000000028d0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\in_swf.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-0 00000000028e0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\in_vorbis.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](201 00000000028f0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\in_wav.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292] (Waveform Wrapper/Pawel Porwisz)(2015-04-04 17:32:51) 0000000002900000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\in_wave.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04 0000000002910000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\in_wm.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-04 0000000002920000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\in_wv.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292] (WavPack Decoder/Pawel Porwisz)(2015-04-04 17:32:51) 0000000002930000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ml_addons.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](201 0000000002940000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ml_autotag.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2 0000000002950000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ml_bookmarks.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-04 17:32:51) 0000000002960000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ml_devices.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2 0000000002970000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ml_disc.lng (*** suspicious ***) @ C:\Program Files 
(x86)\Winamp\winamp.exe [292](2015-04 0000000002980000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ml_downloads.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-04 17:32:51) 0000000002990000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ml_enqplay.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292] (ML Enqueue and Play/Pawel Porwisz)(2015-04-04 17:32:51) 00000000029a0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ml_history.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2 00000000029b0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ml_impex.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015- 00000000029c0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ml_local.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015- 00000000029d0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ml_nowplaying.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-04 17:32:51) 00000000029f0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ml_online.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](201 0000000002a00000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ml_orb.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-0 0000000002a10000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ml_playlists.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-04 17:32:51) 0000000002a20000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ml_plg.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-0 0000000002a30000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ml_pmp.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-0 0000000002a40000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ml_rg.lng (*** suspicious 
***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-04 0000000002a50000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ml_transcode.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-04 17:32:51) 0000000002a60000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ml_wire.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04 0000000002a70000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\ombrowser.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](201 0000000002a80000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\out_disk.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015- 0000000002a90000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\out_ds.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-0 0000000002aa0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\out_wave.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015- 0000000002ab0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\playlist.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015- 0000000002ac0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\pmp_activesync.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-04 17:32:51) 0000000002ad0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\pmp_android.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292] 0000000002ae0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\pmp_ipod.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015- 0000000002af0000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\pmp_njb.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04 0000000002b00000 Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\pmp_p4s.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe 
[292](2015-04 0000000002b10000
Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\pmp_usb.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04 0000000002b20000
Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\pmp_wifi.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015- 0000000002b30000
Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\tagz.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-04 17 0000000002b40000
Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\vis_avs.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04 0000000002b50000
Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\vis_milk2.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](201 0000000002b70000
Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\vis_nsfs.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015- 0000000002ba0000
Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\winamp.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04-0 0000000002bb0000
Library C:\Users\sere\AppData\Local\Temp\WLZ6403.tmp\winampa.lng (*** suspicious ***) @ C:\Program Files (x86)\Winamp\winamp.exe [292](2015-04 0000000002c00000

---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x25 0x0F 0xEB 0x91 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x54 0xEF 0x41 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9F 0x97 0x68 0x3B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x25 0x0F 0xEB 0x91 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x54 0xEF 0x41 0x74 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9F 0x97 0x68 0x3B ...

---- EOF - GMER 2.1 ----